Posted
by
timothy
on Friday April 20, 2012 @06:40PM
from the retract-all-advice-to-mom dept.

Sparrowvsrevolution writes "Security firm Dr. Web released new statistics Friday showing that the process of eliminating Flashback from Macs is proceeding far slower than expected: On Friday the security firm, which first spotted the Mac botnet earlier this month, released new data showing that 610,000 active infected machines were counted Wednesday and 566,000 were counted Thursday. That's a slim decrease from the peak of 650,000 to 700,000 machines infected with the malware when Apple released its cleanup tool for the trojan late last week. Earlier in the week, Symantec reported that only 140,000 machines remained infected, but admitted Friday that an error in its measurement caused it to underestimate the remaining infections, and it now agrees with Dr. Web's much more pessimistic numbers."

I had wondered how in the hell it got that low that fast--a couple of days after Symantec reported 140,000, they or someone else reported 30,000. But checking the Java vulnerability against versions installed with Mac OS X, it seems that 10.4 and 10.5 should also be vulnerable, while Apple only patched for 10.6 and 10.7. That alone should prevent the numbers dropping so far so fast. Sigh. Smooth move Apple.

That's right. However, according to Adium developers' statistics [1], only 13% of OS X users run 10.5 and 3.33% run 10.4. If you do the math and calculate probability with which someone can get infected, you will reach, I believe, very low numbers. 10.5 being apple's equivalent of vista, is dying every day and will be lost in the dust soon.

Wow...10.5 was released in 2007 and its ALREADY unsupported according to the wiki? damn maybe folks shouldn't have marked the AC a troll that made the joke about buying a new Mac every year. I thought the big selling point on the Mac was how "high quality" Macs were? Yet the support drops after less than 5 years? I guess that's why I never really got into macs, i just don't get it.

As for TFA can we FINALLY acknowledge and admit that what the windows guys have been saying all these years is true, that you become a big enough target and you WILL get malware? After all we've seen this with both Apple and Linux with Android, and frankly it should have been incredibly obvious with just a moment's thought. I mean where do Windows viruses come from? Well since Vista made running as a limited user mandatory the vast majority I've seen has been PEBKAC, so how can switching OSes magically turn a PEBKAC user into an admin? Answer...it can't and that was the point.

In the end one can't escape the simple fact that ALL OSes are extremely complex collections of very advanced programs and as we all know the more advanced something is the easier it is for a clueless person to break it. Sadly in this case the clueless user was Apple for not pushing out the bog standard version of Java and instead insisting on rolling their own, which would have been fine if it could do so VERY quickly but instead the apple version of java fell farther and farther behind the mainstream. At that point a major attack was inevitable, the only question was when.

If I was a paranoid person i'd have to wonder if this wasn't by design, after all who would fault Apple if they restricted or outright banned Java as a security risk now? Of course Java like Flash allows one to run web based apps which bypasses the appstore which Apple has sunk so much into so a pessimist might say that Apple wants java to go the way of flash and what better way than to remove it to better protect the user?

Wow...10.5 was released in 2007 and its ALREADY unsupported according to the wiki? damn maybe folks shouldn't have marked the AC a troll that made the joke about buying a new Mac every year. I thought the big selling point on the Mac was how "high quality" Macs were? Yet the support drops after less than 5 years? I guess that's why I never really got into macs, i just don't get it.

10.5 was the last version that ran on PowerPC machines. People with older PowerPC machines who wanted to keep up to date with the OS needed to upgrade to Intel hardware to run 10.6.

10.6 for existing Intel Mac owners was $25. From what I've read and seen, a massive percentage of the user base upgraded to 10.6 pretty quickly. 10.6 wasn't a massive upgrade, but by shedding all of the PowerPC support and through compiler optimization, threading and multi-core support improvements (Grand Central Dispatch, and its use by most of the core applications), improved 64 bit support (including a 64-bit kernel and 64-bit apps), and various Intel-specific improvements, 10.6 was a pretty massive upgrade from 10.5 in terms of speed. According to this press release, OS X 10.6 saw twice as many purchases in its first week of release as 10.5 (four times more than 10.4's first week), with sales declining by only 25% in the second week. As such, from a practical standpoint for most Mac users, it's a non-issue, as the majority are now running 10.6 or 10.7 (roughly 78% according to the Adium page quoted by the GP post). 10.6 was such a massive improvement and so cheap (relative to other commercial OS's) that the only real reason to stick with 10.5 was if you're still on PowerPC hardware.

In terms of hardware support according to Apple [apple.com] systems go into "Vintage" classification if they're between 5 and 7 years old (which for most of the world means "obsolete/unsupported").

If I was a paranoid person i'd have to wonder if this wasn't by design, after all who would fault Apple if they restricted or outright banned Java as a security risk now?

Apple already dropped Java from OS X 10.7. It isn't included at all, but can download and install itself if it's needed (it will typically offer to do so if you try to run anything that requires it).

The latest Java updates disable Java applet support in Safari and other browsers that use Apple's Java plug-in. You can re-enable this if you need it, however it will disable itself again after a period of disuse. To be honest, while I've long been a Java developer and have no problem with rich Java applications, Java applets are a dead technology anyhow. I haven't come across one in many, many years now.

Point being, Apple has been moving in this direction for a while. At one point (back in 10.1 IIRC) Java was supposed to be one of the top-level development languages for the Mac. Apple developed and provided the Java Cocoa bindings, which allowed UIs designed in their Interface Builder tool to be bound to Java applications, and Cocoa objects to be easily accessed via Java (and vice-versa). This was deprecated in 2005. Then Apple decided not to support Java in iOS (smart move IMO). Now it's no longer included with the OS, is only available as a downloadable add-on, and applet support is disabled by default. I don't predict they'll be getting rid of it entirely (there are a lot of Java developers on OS X, yours truly included) -- IIRC they're trying to transition to having Oracle maintain it alongside the Linux and Windows versions, instead of doing it themselves. They just want to move into a model more akin to Window's Java support -- it works fine, and applications run just fine, but you have to get it from Oracle as a separate install.

All of which reminds me -- my parents are the type who continually ignore the pop-ups that software updates are available for their Mac (no matter how many times I've told them they need to stay up-to-date). I should call them this

This is the single biggest reason why macs upgrade fast. Apple doesn't overprice their upgrades, and they do a terrific job of advertising them. It makes it much more palatable to upgrade than the budget killer that MS drops on us every so often.

This is the single biggest reason why macs upgrade fast. Apple doesn't overprice their upgrades, and they do a terrific job of advertising them. It makes it much more palatable to upgrade than the budget killer that MS drops on us every so often.

The real budget killer is periodically having to buy a whole new computer to run a supported OS. It especially has to painful given how expensive the computers are. Microsoft supports older versions of Windows for so long that the support will likely outlast the hardware. I could have bought an XP machine a full 10 years ago, and it will still be getting updates for it for almost another 2 more years, without giving another dime to Microsoft.

That's why I never understood the complaints. Sure i personally would prefer if MSFT kept that $50 Win 7 Home deal but the simple fact is the vast majority will get Windows on their new PC and the PC itself will be positively ancient before it runs out of being supported. Take my nettop for example, its a circa 2004 Sempron 1.8GHz with 1.5Gb of RAM. That machine is now 8 years old, every single thing about it is horribly out of date, the CPU socket, RAM, even the HDD interface is more than 2 generations beh

Doesn't help if you've got a PowerPC Mac, of course, since it will only run 10.5, and is still fast enough for a lot of things, especially if it's something like a dual 2GHz G5 (although even a 1.5GHz G4 is faster than the old PC my mother still uses).

Still, I'm sure that these numbers will make someone at Oracle happy: at least half a million people still have machines set up to run Java applets...

Symantec have admitted their 140,000 was too low. The trojan uses DNS generation partly based on date on where to look for C&C servers. AV companies are building honeypots on those DNS names to 'capture' infected machines - and then use that to estimate how many machines in the wild are still infected. Turns out, some ISPs are also blocking the DNS names from resolving at all - so not only don't they connect to the dodgy C&C controllers, they don't connect to honeypots either. On top of that, the in

Come when 10.8 is released, a whopping 65% of Mac users on 10.4-10.6 will be ripe for the pickings

Because Apple only updates the last two OS X versions in circulation, then is now releasing a new OS X version every year.

Microsoft on the other hand issues updates for their OS for 10 years?

Mac's a better value? Less prone to malware? Not for too much longer...

... and yet I find it hilarious when I read all the angry rants on wired.com and here on how poor old XP is going to lose support in 2 years a mere 13.5 years after launch.

This dwells into the more serious issue of the security nightmare that will come when all internet enabled computers that are more used like XP become abandonded. Personally I think it would be a good idea to disable port 80 on all devices 3 months after support ends to keep the upcoming security nightmare. It will anger many users but many malware writters will target XP if MacOSX has so many infections yet remains so small marketshare wise still. We do not allow vehicles with rags for a gas cap to go on the road right?

I understand Apple losses money to support users but something should be done. If not after a few billion lost dollars in bank accounts will create some nasty lawsuits.

You could stash one today and (try to) sell it 10 years down the line. But why would it obligate, whether legally or morally, Microsoft to support it?

What can be reasonably counted is the date of the last sale of an OEM license from Microsoft to any hardware manufacturer or reseller. According to Wikipedia, OEM XP was available until October 22, 2010 - and then only for netbooks; for other PCs, no OEM licenses were sold after June 30, 2008.

They're probably used off-lease corporate machines, given the processor speed and price. There are lots of places that'll sell you an old Dell/HP/Lenovo/whatever P4 or early Core system for $100 - $150 or so with an XP license.

Except that is not how the MS support lifecycle currently works unfortunately. It guarantees mainstream support for 5 years after this version's release, or 2 years after the next version's release, whatever is later. In other words, the only reason XP is getting more than 10 years of support is the Longhorn delays (I still remember when mainstream support for it was to end in December 31, 2006!).

The relevant period here would be extended support rather than mainstream, since extended support still includes security fixes. And extended support lasts either 5 more years after mainstream support ends, or 2 years after the second next version is released, whichever is longer.

So, basically, you'll keep getting security fixes for the product for at least 10 years.

I have more sympathy for those who blew $2,000 for an iMac only to be dumped in 3 years

I'm not clear on how those iMac users were dumped. The upgrade from Leopard to Snow Leopard was only $29.95. The upgrade from Snow Leopard to Lion was priced the same and I expect Mountain Lion will be too. The PPC crowd will have a different experience, but that production ended about six years ago when the architecture changed. The path from Windows 95 to NT, 2000, XP, Vista and then Windows 7 cost significantly more and it required new hardware along the path as well. Microsoft does go to extraordin

I'd welcome discussion of the assertion that users were dumped. They're free to upgrade or select a new OS at any time as long as the hardware is viable. Sometimes hardware reaches the end of life because technology advances in a new direction. It happened for MS/PC/DR-DOS, OS/2, BSD, games, etc. As for the Cisco comment, it isn't entirely accurate. Cisco has a preferred browser, but you're certainly not required to use their choice any more t

I understand Apple losses money to support users but something should be done. If not after a few billion lost dollars in bank accounts will create some nasty lawsuits.

Apple has been getting more serious about security for awhile (in comparison to, "we're unix, we're ok"). Sandbox, gatekeeper, removal of automatic execution, malware removal tool, etc. They need to gt a LOT better in how they respond though.

Apple clearly understands support in general though. They routinely get excellent marks on their support. See the genius bars as an example. I personally have had out of warranty macs repaired for free. My sister had an out of warranty Macbook case top replaced when it chipped. And so forth. Support is one of the big reasons to buy an Apple, imho.

PPC macs have not been sold since 2006. They are no longer supported (we still run 2 power pc macs running 10.4 at work, fwiw, running legacy applications). They were supported through the end of 10.5 (early 2011). 5+ years.

OSX 10.6 and 10.7 are being actively updated. I hate 10.7 and have stuck with 10.6.

First generation Intel Macs were released running 10.4. First generation Intel macs can run OSX 10.7, so they are still supported. They will no longer be supported with 10.8. ~6 years.

Apple seems to roughly support hardware for at least 5 years (given that we've gone through a PPC->Intel transition AND a 32-bit to 64-bit transition in the last ~7 years, not too shabby). I hope they will keep updating 10.6 now that they are hurrying up their OS release schedules.

Personally I think it would be a good idea to disable port 80 on all devices 3 months after support ends to keep the upcoming security nightmare. It will anger many users but many malware writters will target XP if MacOSX has so many infections yet remains so small marketshare wise still. We do not allow vehicles with rags for a gas cap to go on the road right?

Just out of curiosity, what was your opinion when Sony removed Boot Other OS from the PS3? "It's their right to patch systems if you want to keep using their servers" or "they're removing a valued feature without asking the users, this is fraud and theft!"

What's scary is the number of NEW embedded systems like Point Of Sale, ATM, and factory control systems that are still shipping with Windows XP. There are still a bunch of software vendors that STILL have not updated their software to work with Windows 7.... and Windows 8 is right around the corner.

I'm RELIEVED to know that new systems are using XP. I can't tell you how many systems I run across still running 2000. Make me think, though, that since the Armageddon predicted over the deprecation of 2000 never materialized, perhaps we'll dodge the bullet with XP, as well.

AFAIK Stuxnet was developed before Win2000 ended support and was discovered just after, which means it did target Win2K, but patches for the vulns Stuxnet targeted are not available for Win2k without a CSA. This is a targeted attack though.

Microsoft can't take money from corporations with their contracts if they're not going to provide longer support. Microsoft also charges hundreds for its OS. Apple charges like £20.99. There is no good reason not to be on a 5 year old operating system unless you're a PPC user and then it's just tough luck because you're on dead hardware.

According to wikipedia [wikipedia.org], Flashback uses web redirects and javascript to automatically load a Java applet that contains the vulnerability.

In my book, it's only a Trojan if a real person is duped into executing it, and IMHO an infected legitimate website redirecting someone to a malicious website that automatically runs something that infects the user's computer does not count as duping a person into executing something.

TL;DR: Flashback is not a trojan. We need a new term for this type of threat.

If you do not click on it, it is malware and will use a memory corruption bug to infect your account. You can delete your account to delete it. If you do click on it the malware turns into a deadlier trojan that runs as administrator and is more difficult to remove.

Most malware these days regardless of type target multiple vulnerabilities. Since IE and Chrome have a sandbox... what is up with Firefox not having one?... you need to first get past the sanbox. Afte

Did the user perform an innocuous action that lead to the trojan being run? It sounds like you have to visit a website hosting the trojan with a vulnerable computer (a user-initiated action, btw) and you're infected. That seems to meet the definition of a trojan to me. If you just connect a vulnerable Mac to the network and let it sit, it won't be compromised this way.

So yes, Trojan is accurate. A user is tricked into downloading and running something malicious. A user could theoretically avoid an infection

I think many people who assume they are invulnerable and have older macs probably have no clue they are even infected. I am curious what the percentage of older MacOSX installations are? Not everyone can afford or want to buy an expensive iMac/Powerbook every 3 years.

I for one welcome our Mac brethren to the world of Real Computing, where your device will get infected if you don't have any anti-virus protection, and will still get infected even if you do have anti-virus protection if you're ignorant.

40? Not really. 20 maybe, but in and before the '80s the term 'UNIX security' was something that users of things like VMS and OS/370 said while sniggering. A big part of the success of UNIX was that it ran on cheaper hardware than a real operating system...

I was always under the "assumption" that the success of Unix had to do with the fact that it was written mainly in C so you could port it to any platform with a C compiler

UNIX emerged at a time when the cost of computer was far greater than the cost of the developer effort to write an OS. Writing an OS from scratch in assembly (or, occasionally, in Algol or similar) was a fairly common task at the time and the OS was often a differentiating feature (e.g. VM/370).

, that it supported a rich programming API even very early on,

Nope, it supported an incredibly limited API. No initial support for shared libraries, no support for structured files, no ACLs. It was very primitive in comparison to mainframe or minicomputer operating systems

Actually, you're completely wrong. Not because the real-time scan would have caught the exploit applet at first (although any decent antivirus has now had the definition for all known variants for a few weeks) but because this malware explicitly targets people who don't give a damn about their computer's security.

The drive-by download's payload is an installer. Before it installs the botnet kit, the installer checks the filesystem for a list of security programs, including antivirus software. If it find any

And that's why the Appleverse is taking embarrassingly long to clean up this particular mess. It deliberately targeted the weakest users and infected them all before the more savvy users could catch on.

I'm not discrediting these guys and I'm honestly curious: How to they arrive at these numbers? How does one determine if a computer is infected without access to said computer?

Do they port scan 1000 random machines and extrapolate from there? I'm genuinely curious to know their methods. How could they arrive at such a precise number? Surely they must only have a sample of macs and use statistical models to extrapolate, right? They can't scan all the macs, right? right?

Do they port scan 1000 random machines and extrapolate from there? I'm genuinely curious to know their methods. How could they arrive at such a precise number? Surely they must only have a sample of macs and use statistical models to extrapolate, right? They can't scan all the macs, right? right?
How do they do it?!?!

My understanding is that infected Macs try to contact a command-and-control server with a unique identifier in order to get the trojan payload. Several of the anti-virus/security companies have ben able to hijack the command-and-control system to insert their own system (probably via DNS entry changes at some major ISPs) that infected Macs then try to connect to. They record the unique ID's in the request messages, and then extrapolate the results accordingly.

Or so they say. I tend to agree with one of the ARS posters: "Am I mistaken, are are all the numbers out from antivirus vendors, all people with a monetary stake in finding more infections rather than less? I do not recall seeing an independent verification of any count; did I miss one? Every time I read about an "independent" source "confirming" the numbers, it's another vendor with an obvious bias--the same vendors who have been exaggerating Mac threats for the past 7 years and more. I mean, if Fox News r

...would hire those two dudes from the "I'm a Mac and I'm a PC" commercial for a reunion commercial. I'm sure Apple would sue, though, because Apple only has a sense of humor when they are making fun of other people.

With the number of machines that remain, it seems clear also that Mac users aren't using auto updates. What's up with that?

You're surprised that users dont install updates? Or choose to skip updates when they are offered? You must be new here... (and by here, I mean, anywhere) This is hardly a problem that is unique to mac users or even ignorant users.

That's why Windows 7 pretty much just silently downloads and installs updates unless you go out of your way to tell it otherwise. They realized that it was worth drawing the wrath of nerds who hate not being in control to help the vast majority of clueless users.

The Software Update only notifies you of an available update and optionally downloads it in the background. It does not install the update automatically, a user has to click to start the update (and would have to provide admin authentication if they weren't logged into an admin account).

It's even more retarded than that. It tells you there's a handful of updates and makes you log off. Then you have to sit and watch while it downloads the updates on your now incapacitated desktop. Then you have to watch as it updates itunes or quicktime... Why does upgrading a media player mean you have to reboot your computer? So not only do I lose all the context in all of my terminal sessions, I have to sit and watch it download, and then watch it reboot. Then after the reboot, after I start working

I maintain 6 macs, and then are always up to date... I have never seen what you described (save the occasionally having to reboot with updates)...

I have seen EXACTLY what he described in the most recent update with Snow Leopard (maybe the magic intrusion-free update feature was only introduced in Lion?) The system prompted about needing to reboot for updates and after it was OKed, it probably spent at least 10 minutes in "update mode".

You didn't read the question asked in the dialog? The one asking *your* permission to download and install updates and reboot your computer? You didn't understand that 'Continue' means 'yeah, go ahead, install and reboot'? You didn't see the 'not now' button next to it, allowing you to continue working without interruption?

Helpful tip: read the dialog and make sure you understand the question asked before clicking any button.

(You can configure Software Update to download updates in the background, in which

This is not the typical update cycle, although I remember that one in recent memory.

Usually, a popup informs me there are updates available. I ignore it for a while, and finally click "OK". It does some updating, in the background, and finally displays a dialog box for me to reboot. I ignore that for about a day, and when I'm free and relaxed, and the battery is fully charged or whatever, I let it reboot.

...and as far as the mystery reboots, I am fairly certain these are due to security updates that Apple doesn't tell us about. Not that I think that's a terribly good idea, but you know... the amount of headache I get from Apple Computer, in terms of preventing me from being productive, is actually pretty slim compared to the equivalent from Microsoft. And I think that's significant considering how locked down the Apple OS is. To be fair, I'm including Mac Office and Windows Office in with Microsoft Windo

What the hell is this rebooting you speak of? I thought Macs were Unix-based? You only reboot when you install new hardware or when you do a kernel update. (I should add that on a random-joe-system, kernel updates should be pretty infrequent since they don't need bleeding edge kernels). This sounds not much better than windows, IMHO.

Also, I wonder how Apple, the paragon of UI design, has never been able to implement a good window manager? It makes my eyes bleed every time I try to place Firefox and a ter

Also, I wonder how Apple, the paragon of UI design, has never been able to implement a good window manager? It makes my eyes bleed every time I try to place Firefox and a terminal window side-by-side on a friends machine.

Agreed, BetterSnapTool solves this issue, though it should be integrated into the OS from the get-go...

They fixed (that much) in Lion. Now, when you quit Terminal with terminals still open, restarting it brings back those terminals and all the context with them.

It's still actually closing the shell, so if you had three terminals open, your.bash_history is still "who the fuck knows," but you'll at least still have the last page or so of terminal output, and the terminals resume in the same directory they were in. Even after reboots. It's nice.

I'm not infected (checked), but perhaps about 50% of those that "haven't installed the updates" is because people refuse to upgrade? I refuse to pay for an upgrade that will no doubt slow my Macbook Pro down and cause random issues.

You might be shocked at the amount of "automatic" updates the mac doesn't install. Air doesn't get patched by Adobe's own patches, MSFT Office only gets patched by it's own update program, etc...

I'm not really shocked that OSX doesn't install third-party updates. That's the case on all three mainstream OS families. Linux distros appear to be an exception, but that's only because most people generally use software from the distro repositories.

Canonical and Apple both now offer proper stores for selling, installing, and updating third party software. They both need work and many publishers don't use them, but at least we're making some, slow progress.

I'm not infected (checked), but perhaps about 50% of those that "haven't installed the updates" is because people refuse to upgrade?

That's an interesting possibility. Netmarketshare.com puts 10.6 and 10.7 users as 82% of all Macs. 10.5 is 14%, but Apple is now offering a free upgrade to those users to 10.6. so 96% of Mac users can get this security update for free without manually installing Java (lets assume most users aren't technical enough to understand how). That means there are maybe 30 million Macs out there connected to the net that can't get free updates (All of them at least 6 years old).

I refuse to pay for an upgrade that will no doubt slow my Macbook Pro down and cause random issues.

They don't know. How would they? Not everyone reads the news or understand what it means in cases like this. Maybe the nerds do but that's a tiny fraction. I was even confused by this as I got no explicit update pushed, though it turned out it was part of the Java update, and it only applies to Lion anyway. Maybe people just have auto-update of software turned off (which is normally a good idea, always have it ask you first)? Maybe they haven't rebooted the macs yet, which is required before infected

The updates are only available for Snow Leopard and Lion. If you're on Leopard (10.5) (still sold up until summer 2009) or older, you don't get the security patches OR the latest fixes to remove infection. Apple only support current and previous OS versions for security. Once Mountain Lion comes out in a couple of months, anyone who's running an OS older than october 2010 goes under the bus. Note, they're still selling snow leopard right now, as you need to install it first to go to lion - you can't jump from leopard to lion direct, as leopard don't have the app store needed. You can of course download and make a USB clean installer from an existing lion Mac, but if you've only got one physical machine and no-one can help you make an install, leopard -> snow leopard -> lion it is (pre-made lion install usb keys not available here)

We criticise microsoft for ending support for XP after 13 years, and Apple drops all support after TWO and get a pass? Something like 25% of mac users are using Leopard or older - not least due the removal of PPC support in snow leopard. Mountain Lion looks pretty pointless unless you're also an icloud user, and the steady of killing off of carbon library support in Lion and Mountain Lion means you may have to stick to snow leopard if a key app doesn't run on Lion yet - and you'll be in the same boat as Leopard users right now, running an 'obsolete' unsupported OS with no security patches that's still for sale right now!

Now apple are switching to an annual OSX release, they REALLY need to still support older OSes - such as the soon to be EOL'd snow leopard - longer than they do for critical security patches, such as this one. Apple decided they wanted to control java installation on OSX, they should have the decency to get security patches out for it in a prompt timescale. Don't forget, the whole reason this happened is Apple sat on upstream java security patches for months for even current OSX users - if they'd pushed out the patches THEN, instead of waiting for half a million + users to get infected...

We criticise(sic) microsoft for ending support for XP after 13 years, and Apple drops all support after TWO and get a pass? Something like 25% of mac users are using Leopard or older - not least due the removal of PPC support in snow leopard.

First, the 13 years of MS support for MS WIndows XP is not a good metric. MS actually only supported retail XP for less than a year after retail sales ended, and it might have been possible for a consumer to buy a new XP machine with no support.

The default setting for auto-updates is that the machine checks once a week. Then I tend to postpone the actual installation a few times if it requires a reboot (and security updates generally do). So I'm not surprised that not everyone has installed the update in the 4 days between release and the day the stats were taken.

Windows and even IE has been getting harder and harder to crack in after the laughing bad issue with XP pre SP1 and IE 6. Windows 7 has ASLR, DEP with all services, special VC2010 exception checking at runtime executable support, and sanboxing. Windows 8 and IE 10 have 2 sandboxes to get an exploit pass.

Ask any enterprise who migrated from XP to Windows 7 and they all say a drop in malware and virus infections is the first thing they notice.

Ask any enterprise who migrated from XP to Windows 7 and they all say a drop in malware and virus infections is the first thing they notice.

Flash drive Autorun viruses!

By default XP SP1 and newer (IIRC) while not automatically running autorun.inf files from flash drives, will give you the "What do you want to do" prompt including the autorun option. If you decline that, but double click the drive in my computer it will go ahead and run the autorun with no warning or indication. The default action on Windows 7 is to not even try to run autorun from flash drives.

On any computer I have control over (personal or for work) I completely disable autorun because:a) It's annoyingb) It's dangerous.

Two large corporations I've worked for recently (still using XP) did not disable autorun! It's amazing how much autorun malware runs rampant. Crappy overpriced Symantec or McAfee don't pick them up either. I alert people when I stick their flash drive in my computer and notice hidden autorun.inf files, and hidden mischievous folders with random file names. I usually get stunned looks from them.

I also get stunned looks from IT when I point out the gaping, tractor-trailer sized hole in their security.

No, they're not. While OSX will put files like.DS_Store on flash drives, those aren't the files I'm talking about. I'm talking about files pointed to in the autorun.inf. Half the time they're hidden in a "Recycler" folder. Recycle bin doesn't exist on removable drives. Files that while overpriced McAfee and Symantec don't pick them up, submitting them to virustotal comes back with some hits.

Modded overrated? Why? For speaking the truth? If you disagree, post a reply explaining why I'm wrong. I've personally used their Linux AV scanner for the last 5 years, to scan attachments on mail passing through my servers.

There actually was an article on Slashdot that had a link to the information you mentioned. It said how to check to see if you were infected and told how to remove it. By asking why something something that was posted wasn't posted, you are doing little to improve our collective opinion of Mac users.

Well, hang on here. I've run some flavor of Mac OS since 1979 (truth be told a bit off and on, but lots more on than off) and I have never suffered a virus either. I'm not caviler about it though...I run Little Snitch, an AV, have inbound firewalls rules set, keep up on my patches and get my pR0n through a sandbox VM. I see no need to tempt fate.

I also do the same on my Nix and Win boxes as well, with the same results (I did get a virus back in 1995 on a Windows box, which is when I started to tighten up